Hope you are keeping safe, especially with the activities going on around us.
Today on Privacy Note, British Airways has been fined £20 million for the breach of its customers’ personal data that occurred in 2018. According to the Information Commissioner’s Office (ICO), the fine stems from a data breach of its website and mobile app that the airline reported in September 2018. The breach exposed the personal and financial details, including names, addresses and bank card details, of 500,000 customers who made bookings on its website and the airline’s app.
The fine is considerably smaller than the £183m that the ICO originally said it intended to issue back in 2019. The ICO said “the economic impact of Covid-19” had been taken into account. However, it is one of the largest penalties issued to an organisation.
An investigation carried out by the ICO shows that, at the time of the breach, British Airways did not have the proper security protocols in place to protect the large volume of personal data it processes and stores.
An important takeaway from the ICO’s recent decision to reduce the fine for British Airways is that regulators are adjusting to the special circumstances of the current global situation. What remains to be seen is whether other data protection authorities will follow.
It is expedient that all organisations processing large volumes of personal data have all the necessary measures in place to prevent a cyber attack.
Here are a few recommendations to help protect your organisation:
- Avoid clicking on links that you are unsure about.
- Use unique, complex passwords with a combination of lower and upper-case letters, numbers, and symbols.
- Do not use the same password across your accounts.
- Do not share your passwords with people and avoid common social engineering threats.
- Make sure you change your passwords more often.
- Back up data on a regular basis so you can always recover it.
- Always update your anti-virus software and malware protection.
- Ensure the websites you visit are safe and secure by checking the URL. Make sure it begins with https – the “s” stands for “secure.”
Feel free to contact us so that we can help you comply with the regulatory demands of data protection. We also provide training to develop your knowledge and skills in cyber security and data privacy.
Thank you for staying tuned…
See you in a bit.